General
- Target: a570d06e08ae46a61c775e3c3fc252bc_JaffaCakes118
- Size: 26KB
- Sample: 240818-fd7b3swdph
- MD5: a570d06e08ae46a61c775e3c3fc252bc
- SHA1: 97824b4dd27368429f450625b560196e9bf91a92
- SHA256: bf98d045cd97c5b6efc48ceaf1aaf736bb41dddd3d1b4e4b1e6cd42568fe02bc
- SHA512: 961a25eff7a93948e2ab45026f96453f192153a83e4da4b119ee6a323f5aac7dee70d9927ec77f0ce66299099ed8250583145f869027827196a741e3812ab611
- SSDEEP: 384:EDmxsvw+nC7+z7pFZowqrdjLRi8JgxEd1iagAAunpe7achfzv/djPmd05KUI5aB1:Eyxsv4Mb+dRdSxEHj1WDFK/UlBfRwk
Behavioral task
- behavioral1
- Sample: a570d06e08ae46a61c775e3c3fc252bc_JaffaCakes118.exe
- Resource: win7-20240708-en
Malware Config
- Extracted: xtremerat
  mal3k.no-ip.org
Targets
- Detect XtremeRAT payload
- XtremeRAT: XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.
- Boot or Logon Autostart Execution: Active Setup: Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Adds Run key to start application
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (2)
  - Active Setup (1)
  - Registry Run Keys / Startup Folder (1)
Privilege Escalation
- Boot or Logon Autostart Execution (2)
  - Active Setup (1)
  - Registry Run Keys / Startup Folder (1)